====== User management on vCenter appliance ======
===== vSphere local admin users =====
List all members of the Administrators group in the vsphere.local SSO domain:
<code>
root@vc04's password:
Last login: Fri Aug 14 13:42:30 2020 from 10.255.1.235
Connected to service

    * List APIs: "help api list"
    * List Plugins: "help pi list"
    * Launch BASH: "shell"

Command> shell
Shell access is granted to root
root@vc04 [ ~ ]# /usr/lib/vmware-vmafd/bin/dir-cli group list --name Administrators
Enter password for administrator@vsphere.local:
cn=Administrator,cn=Users,dc=vsphere,dc=local
CN=machine-xxxxxx-7093-439c-aaaa-d3e5aa4912dc,CN=ServicePrincipals,DC=vsphere,DC=local
CN=vsphere-webclient-xxxxxx-7093-439c-aaaa-d3e5aa4912dc,CN=ServicePrincipals,DC=vsphere,DC=local
externalObjectId=S-1-5-21-xxxxxxxxx-yyyyyyyyyy-zzzzzzzzzz-1159
externalObjectId=S-1-5-21-xxxxxxxxx-yyyyyyyyyy-zzzzzzzzzz-1160
externalObjectId=S-1-5-21-xxxxxxxxx-yyyyyyyyyy-zzzzzzzzzz-1170
CN=VSM_SOLUTION_xxxxxx-e882-4ad0-aaaa-7d4c299685aa,CN=ServicePrincipals,DC=vsphere,DC=local
CN=deepsec,CN=Users,DC=vsphere,DC=local
CN=sadmin,CN=Users,DC=vsphere,DC=local
CN=tdpvmware,CN=Users,DC=vsphere,DC=local
</code>
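Create a new user account in SSO using dir-cli, and add it to the Administrators group. Note that ''--user-password'' puts the initial password on the command line, where it lands in root's shell history, so treat it as a temporary password.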
<code>
root@vc04 [ ~ ]# /usr/lib/vmware-vmafd/bin/dir-cli user create --account user1 --first-name myname --last-name maylastname --user-password 'Welcome@123'
Enter password for administrator@vsphere.local:
User account [user1] created successfully
root@vc04 [ ~ ]# /usr/lib/vmware-vmafd/bin/dir-cli group modify --name Administrators --add user1
Enter password for administrator@vsphere.local:
Account [user1] added to group [Administrators]
Group member [user1] added successfully
</code>
Now you can open the vSphere Web Client portal and log in with the newly created user.
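Because any account added this way holds full SSO administrator rights, it is worth reviewing the group membership periodically. The following is an added example, not part of the original page: it parses output in the ''dir-cli group list'' format shown above and reports local users and external SIDs that are missing from an approved list. The sample member lines, the function names and the approved list are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): review who holds SSO
# Administrators membership, using the dir-cli output format shown above.

# Constructed sample of `dir-cli group list --name Administrators` output.
sample_members() {
cat <<'EOF'
Enter password for administrator@vsphere.local:
cn=Administrator,cn=Users,dc=vsphere,dc=local
CN=machine-EXAMPLE,CN=ServicePrincipals,DC=vsphere,DC=local
externalObjectId=S-1-5-21-EXAMPLE-1159
CN=sadmin,CN=Users,DC=vsphere,DC=local
CN=user1,CN=Users,DC=vsphere,DC=local
EOF
}

# Turn each member line into "<kind> <name>"; prompts and blanks are dropped.
classify_members() {
    awk '
        { line = $0; lower = tolower(line) }
        lower ~ /^cn=[^,]+,cn=users,/ {
            split(line, p, ","); sub(/^[Cc][Nn]=/, "", p[1])
            print "user", p[1]; next
        }
        lower ~ /^cn=[^,]+,cn=serviceprincipals,/ {
            split(line, p, ","); sub(/^[Cc][Nn]=/, "", p[1])
            print "service", p[1]; next
        }
        lower ~ /^externalobjectid=/ {
            sub(/^[^=]+=/, "", line); print "external", line; next
        }'
}

# Print local users and external SIDs that are not in the approved list
# passed as arguments (hypothetical baseline). Service principals are skipped.
unapproved_admins() {
    _approved=" $(printf '%s ' "$@" | tr '[:upper:]' '[:lower:]')"
    classify_members | while read -r kind name; do
        [ "$kind" = service ] && continue
        key=$(printf '%s' "$name" | tr '[:upper:]' '[:lower:]')
        case "$_approved" in
            *" $key "*) ;;
            *) printf '%s %s\n' "$kind" "$name" ;;
        esac
    done
}

# Stand-alone run on the sample; on the appliance, pipe dir-cli output instead.
sample_members | unapproved_admins Administrator sadmin
```

With the sample input, the run reports the external SID and ''user1'', the two members that are not in the approved list.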
The appliance management user account can also be created from the appliance command prompt.
===== Appliance management account =====
List the appliance management accounts:
<code>
Command> localaccounts.user.list
Config:
   1:
      Username: root
      Status: enabled
      Role: superAdmin
      Passwordstatus: valid
      Fullname: root
      Email: ''
Command>
</code>
Create an appliance management account, then list the accounts again to confirm it:
<code>
Command> localaccounts.user.add --role operator --username unixarena --password
Enter password:
Reenter password:
Command>
Command> localaccounts.user.list
Config:
   1:
      Username: root
      Status: enabled
      Role: superAdmin
      Passwordstatus: valid
      Fullname: root
      Email: ''
   2:
      Username: unixarena
      Status: enabled
      Role: operator
      Passwordstatus: valid
      Fullname: unixarena
      Email: '
</code>